On January 28, 2022, the European Data Protection Board (“EDPB”) initiated a public consultation on its draft Guidelines 01/2022 on data subject rights – Right of access (“draft Guidelines”). Running to 60 pages, the draft Guidelines cover a range of topics relating to the right of access, including analyzing a request; establishing

In a decision handed down on December 1, 2021, the Brussels Market Court (Court of Appeal) had an opportunity to consider the GDPR right of access.  The Belgian Ministry of Finance appealed the Belgian Supervisory Authority’s recent decision requiring the Ministry to grant a complainant access to her financial file and make corrections to the

There have been many headlines today about the UK Government’s plans to reform UK data protection law. We are still reviewing the (near 150-page) consultation document, but set out below a dozen proposals that we thought might pique the interest of readers of our blog.
Continue Reading 12 Eye-Catching Proposals In The UK Government’s Plan To Reform UK Data Protection Law

At the Black Hat conference in Las Vegas last week, a security researcher presented his research on using access rights available under the GDPR for identity theft purposes (slides available here; whitepaper available here).  Specifically, the researcher “attempted to steal as much information as possible” about his fiancé by submitting GDPR access requests

Guidance on how to identify data subjects

On July 1, 2019, the Bavarian Supervisory Authority for the public sector (“SA”) published guidance on how to verify the identity of data subjects exercising their data protection rights under the GDPR. The guidance is directed at public bodies, but is also helpful for private entities.

According to